Effective Techniques to Mitigate Risks, Incorporating Voice Signatures - Essay Example

of the of the 5th November Introduction Although the .com phenomenon has taken over every technology interconnected with the Information technology, the Internet is still somewhat an evolving field that keeps on changing constantly. Computing technology, when utilized extensively, has often resulted in achievement of targets for a number of different level organizations. Every so often, however, new threats are elaborated by cyber criminals. The probability of a new threat to break into the network remains despite the usage of highly updated and sophisticated security modules securing the networks and data centers. Moreover, cyber criminals or hackers have been discovering effective codes, by the day, to enhance the hacking tools that are required to break into confidential information like website customer details or bank passwords etc. Eventually, ‘the mission critical data’ is exposed, causing severe losses for organizations. These scenarios occur due to deficiency of security. Internet searches make available a thousand or more definitions to describe ‘security’. The definition of security, in the context of data theft on the internet, consists of concerns linked to i) communication privacy on the network, ii) data confidentiality over the network, iii) unauthorized access to classified data, iv) entry into prohibited network domains and v) internet utilization for hidden communication. A proposal will be put forward that encompasses issues associated with data theft and its effects on Internet users. The consequent part will highlight effective approaches and tactics to eradicate data theft. In addition, a few famous Internet crimes will be attached in the proposal in relevance to issues concerning privacy of data and Internet security. Problem Description If an organization is affected by a security breach, in some cases, it is complex to calculate risks related to information assets present on the network. Likewise, it depends on the severity of the threat that may have caused large disruptions in network-based services. This is the point where digital forensic expert are incorporated for identifying the threat, impact and network incidents caused by it. Organizations experience new techniques and methods from an ongoing investigation by a digital forensic expert. Likewise, the point of interception, methodology and protection etc. are considered to be critical. Moreover, financial institutions are keener to adopt forensic analysis, as this domain including business model and nature of the data, cannot compromise on security. For instance, master card, visa, American express demonstrates a solid online security framework. In the current scenario, where a network is already breached by a threat, these forensic experts focus on three core factors i.e.: A discovery process focused on understanding the application and network infrastructure, as well as the business information flow of the organization Interviews with key personnel to understand the facts of the case from the customers perspective and identify suitable sources of forensics data Injection Attacks A study related to Automatic Creation of SQL Injection and Cross-Site Scripting Attacks was conducted in order to protect data privacy and security over the Internet. The goal of this study was to eliminate SQL injection attacks by a tool called ‘Ardilla’. The tool applies techniques for PHP which is built on input generation, dynamic taint propagation, and input mutation so as to analyze a variant of input that acquires vulnerability. Taint is stored by using ‘Ardilla’, a novel concrete symbolic database that can efficiently extract the most destructive type of Web application attack stored in XSS. The study includes discovery of 68 SQL injection attacks in five applications. Each demonstrates a unique vulnerability with very high accuracy and low false positives. Review Some popular Internet crimes were exposed in the June of 2007, when pentagon severed Internet connections of its 1500 operational workstations (Boni and Kovacich ). The reason for disconnecting them was because of a successful security breach on their unclassified email system from a hacker. Certain reports verified that the compromised email system did not release any information related to military as the system was disconnected to remove the threat. US security defense, Robert Gates has analyzed that the Pentagon systems deflect hundreds of attacks on a daily basis. (Boni and Kovacich ) A survey demonstrated that over 1600 MIS officials from 40 countries and above and about 73 % organizations were experiencing breaches in terms of network security. Moreover, Fortune 1000 companies displayed the highest financial loss due to lack of computer security and information theft in 1997 because many organizations evaluated that they had been deprived of about $ 10 million or more in a single attack. However, the computer emergency response teams Popular Internet Crimes (Boni and Kovacich ). Numerous studies associated with electronic commerce security on websites have been conducted to combat the hackers with the aid of the researchers who research are continuously improve the online security. This literature review analyzes the topic to make it more concise and highlights the issues of website-related data privacy. Data privacy involves customer’s personal name, his address and contact numbers along with secret questions or secret keywords. There are a few websites that also provide a comprehensive data privacy option on their websites but there are also those that do not publish any material related to data privacy. This is a significant issue since customers are unaware of what these websites do when they receive someone’s personal information. It has been observed that some of the websites supporting e-commerce operations keep their privacy seals on. Businesses suffer the brunt of these attacks in the form of severe monetary losses. Such is the example of the Verizon Communications Inc. in 2009 (Scherling ). Their data breach investigators reported that cyber crooks had snuck off with 285 million records. Peter Tippett, vice president of innovation and technology with Verizon Business and the author of the said report stated that the report included all the IP addresses related to the account which was used in the thefts. However the criminals were identified only through comprehensive examination and mutual support of law enforcement agencies comprising of FBI and Scotland Yard. This specific report also revealed that 90 security breaches were studied in all, from which 68 were reserved for further scrutiny to a particular IP address and location. Eastern Europe was incriminated as a frequent agent, trailed by East Asia and North America as per the report conclusion. When online businesses fail to protect their databases from security breaches, online data thefts become rampant. The data information of the customer is compromised leading to a revelation of not only the customer’s personal information but also of their financial status. Likewise, social networking sites are also a significant domain; a prime concern in the context of identity theft. People spend a huge amount of time on such websites as they are becoming habitual to online communication. It is gradually causing quite a negative impact on face-to-face contact. Teenagers are unwary of the fact that published information and material (including pictures) can be recovered even after removal from such social networks. Over sharing personal information can draw the attention of cyber criminals, burglars and even employers who can assess the ideals of an individual just by looking at the comments on the site. This as a result may jeopardize the person’s job. User authentication does not hold much credibility regarding their claims on social networking pages. Users believe in textual correspondence from these social networking sites rather than emails. The security of such websites can be breached at any moment and hence communication or personal pictures become open to publication on the web. Effective Techniques to Mitigate Risks Security Seals Security seals are incorporated into websites to guarantee data privacy for consumers who provide online data. These security seals put into practice specific rules and policies as well as information related to employment of personal data. In this manner, customers find some assurance regarding their personal data (Siljander ). Identity theft is a still lesser known yet debatable issue because servers of these websites contain all the personal information of the customer, most importantly their credit card numbers due to e-commerce transactions. Some of the popular security seals are i) BBB online ii) Web trust and iii) Trust-e (Siljander ). P3P(The Platform For Privacy Preferences) Technological web services are employed for handling of data privacy issues. The ‘P3P’ is an organization that has been established by the worldwide Web consortium (W3C). It acts for the website users to attain control over the information they offer. ‘P3P’ does not ensure the protection of personal data provided by the user to any website. For all the organizational bodies, nobody is compelled to perform actions linked to website data security. It is imperative for all websites or organizations to adhere to a method that is mandatory The study conducted to emphasize on gain versus loss prevention, with respect to regulatory focus. The issues illuminated in the surveys addressed to eliminate threats, data privacy issues and vulnerabilities. The research reflects the review of certain courses. The 163 master’s programs that are offered were examined. Data was collected by web search related to master’s program curriculum. After the evaluation of all the results from these masters programs, the conclusion was that Masters programs lack courses or modules related to security, law and ethics. It is because these are the topics that highlight the current issues faced by e-commerce including legal and security incidents. Therefore it is highly important to add these courses or modules to the master’s programs. Semantic Web A study called “Trust worthy web services provisioning for differentiated customer service” was suggested as a proposed solution in the year 2008. As a result, another research was also conducted in similar context by the year 2010. It addressed the same issue by recommending a framework consisting of web service negotiation by a negotiation message and a negotiation protocol between two parties. State machine based formalism is employed for explaining the high-level support of data flow and privacy in online services. This technology is based on the “Semantic Web”. The semantic web is a creative venture aspiring to undertake highly developed usability and creativity of the web by enabling the processing equipment to read, search and recognize the published content of web documents. They accomplish these tasks by employing automated agents and web based services. Securing Virtual Terminal Services Virtual terminal services are the most useful services operating on the Internet. These services set up connectivity between workstations or servers even though they are geographically distant by thousands of miles. However, these services also face network security related issues. For the UNIX environment, some counter measures are available to secure the virtual terminal services to some extent. There is a requisite of establishing a secure root password and maintaining its secrecy from everyone. Furthermore, the password is to be used only on secure channels. In addition, the configuration of network terminal sessions should be able to restrict access to accounts regardless of reflection of passwords. Incorporating Voice Signatures The Voice Commerce has opened a National Trust Centre in the UK by collaborating with Nuance Communications. Their purpose is to minimize and reduce electronic crime issues between consumers and business partners The Trust Centre means to accommodate any business for the authentication and authorization of transactions bearing ‘voice signatures’. It is to decrease online transaction frauds. The aforementioned voice signatures are enabled in every cell phone. The voices are saved originally in the trust centers that are built to preserve voice signatures. This allows individuals to call for verification of their voice patterns with the stored voice signature. A successful match of voice signature authenticates and validates the transaction. Developing Risk Management Framework Another effective method to avoid online data theft is to build a Risk management framework. The components of the framework possibly depend upon four components such as a) Risk assessment b) Risk Identification c) Risk reduction and d) Risk monitoring. The target is to raise awareness about information assets that can be owned. Besides that, co-ordination is necessary for risk management within each department accountable. This model can be used on any organization in the UK. Spreading Manual to Aware People Information on the Internet is enormous and it is not organized systematically in terms of searching data for a specific piece of information. A link on a website that contains manuals allows people to take precautionary measures before disclosing information online. UK has launched a free of charge guide called ‘Avoiding Identity Theft’ from IVA-info-UK.org.uk. This guide enables consumers within the UK to raise awareness and teach ways to guard personal information. Work Cited Boni, W. C., and G. L. Kovacich. I-Way Robbery: Crime on the Internet. Butterworth-Heinemann, 1999. Print. Scherling, M. Practical Risk Management for the CIO. Taylor & Francis, 2011. Print. Siljander, R. P. Introduction to Business and Industrial Security and Loss Control: A Primer for Business, Private Security, and Law Enforcement. Charles C Thomas Publisher, Limited, 2008. Print. Read More